Automotive telemetry protocol

ABSTRACT

Disclosed is a method of conveying vehicle operation data from a vehicle to a remote monitoring recipient, comprising the steps of establishing a data link between the vehicle and the remote monitoring recipient; collecting vehicle operation data from data sources in the vehicle; packaging the vehicle operation data in a data packet using protocol derived from SNMP; and conveying the data packet over the data link.

REFERENCE TO CO-PENDING APPLICATIONS

This application is a Continuation of U.S. patent application Ser. No.10/014,889, filed Dec. 14, 2001 now abandoned, which is a Continuationof International Application No. PCT/CA00/00712 (designating the UnitedStates), filed Jun. 19, 2000, which claims benefit of U.S. patentapplication Nos. 60/139,573, filed Jun. 17, 1999; 60/148,270, filed Aug.11, 1999; and is a Continuation-in-Part of U.S. patent application Ser.No. 09/556,289, filed Apr. 24, 2000, which is a Continuation-In-Part ofU.S. patent application Ser. No. 09/140,759 (now U.S. Pat. No.6,263,268), filed Aug. 26, 1998 which claims the benefit of U.S. PatentApplication No. 60/056,388, filed Aug. 26, 1997 and is aContinuation-In-Part of International Application No. PCT/CA98/00986,filed Oct. 23, 1998 (which designates the U.S. and was published inEnglish as International Publication No. WO 99/22497 on May 6, 1999),which claims benefit of U.S. Patent Application No. 60/063,218, filedOct. 23, 1997; and also claims benefit of U.S. Patent Application No.60/148,270, filed Aug. 11, 1999 and of U.S. Patent Application No.60/187,022, filed Mar. 6, 2000. This application is also a Continuationof International Application No. PCT/CA01/01420 (designating the UnitedStates), filed Oct. 15, 2001, which claims benefit of U.S. PatentApplication Nos. 60/239,920 filed Oct. 13, 2000; 60/252,885, filed Nov.27, 2000; and 60/255,896, filed Dec. 18, 2000. All of theabove-referenced patents and patent applications are incorporated hereinby reference.

BACKGROUND OF THE INVENTION

1. Field of the Invention

The present invention relates to automotive telemetry protocols andtheir use in Intelligent Transportation Systems.

2. Description of the Related Art

Conventionally, vehicles have been known to exchange data with adiagnostic computer system (such as in a repair garage) over a hardwiredor infrared data link, or a regulatory computer system (such as anelectronic toll highway) by a data link using a low power transponder.

More sophisticated vehicular telemetry for commercial fleets has beenmade possible in the last several years through both terrestrial andsatellite RF packet networks. In these vehicular telemetry systems,vehicle sensor data can be transported over wireless data links to acomputer that is programmed to monitor and record automotive phenomenaand to support database systems for vehicular maintenance, without theneed for the vehicle to be in a particular service bay for example.However, these systems are relatively expensive to operate.

A considerable amount of research is being dedicated to developingfeasible Intelligent Vehicle Highway Systems (IVHS) which arecomputer-assisted methods to manage highway infrastructures, synchronizetraffic lights, measure traffic flow, to alert drivers to ongoingtraffic conditions through electronic billboards and other innovationsaimed at improving the quality and efficiency of road transportationsystems for vehicles.

The California Air Resources Board (CARB) has been a leader inestablishing standards for monitoring vehicle emissions. A recent CARBinitiative, known as OBD-III, is the third generation of on-boarddiagnostic requirements, calling for an emissions regulatory agency toretrieve, remotely, diagnostic data from vehicles, thereby avoiding theneed for a visit to a clean air inspection station. In one pilotprogram, a low-power transponder was used on each vehicle, capable oftransferring data between the vehicle and a roadside receiver. Ofcourse, in order for the OBD-III proposal to proceed, each vehicle musthave a system capable of collecting and dispatching the requested datathrough the transponder. CARB is actively reviewing currently availabletechnologies and is surveying the telecommunications industry to seewhat future equipment is planned. The operating platforms tested thusfar by CARB have been relatively cumbersome and have limited capabilityto be used for other data exchange needs in the future. There isinterest in finding a platform that will be economical to operate inorder to minimize the financial burden placed on the consumer toimplement the proposal.

Moreover, it would be desirable for the chosen platform to be capable ofdoing more than just sending diagnostic information to a clean airagency. Both the telecom and auto industries are looking at ways toutilize the tremendous business opportunities of reaching urbancommuters in their vehicles while they devote several hours each day totheir commute.

Vehicular traffic has become a major problem for urban planners. Withland values skyrocketing and land-use issues becoming more of a concern,planners are looking for ways of getting more vehicles through existingcommuter arteries as an alternative to expanding them. It is also knownthat the actual volume of traffic handled by a thoroughfare plummetswhen traffic becomes congested. Therefore, it would be desirable to havevehicles which are capable of exchanging data with themselves as a wayto control such things as safe driving distances to avoid collisions andexchanging data with traffic monitoring systems to control such thingsas driving speeds.

It is therefore an object of the present invention to provide animproved platform for vehicular telemetry.

It is a further object of the present invention to provide an improvedvehicular telemetry system which is relatively inexpensive, yet capableof exchanging a range of useful data through a data communicationssystem between a vehicle and a fixed location.

It is still a further object of the present invention to provide avehicle communications system in which the vehicles therein are eachcapable of communicating both through a data communications system andwith themselves.

SUMMARY OF THE INVENTION

In one of its aspects, the present invention provides a method ofconveying vehicle operation data from a vehicle to a remote monitoringrecipient, comprising the steps of:

-   -   establishing a data link between the vehicle and the remote        monitoring recipient;    -   collecting vehicle operation data from data sources in the        vehicle;    -   packaging the vehicle operation data in a data packet using        protocol derived from SNMP; and    -   conveying the data packet over the data link.

In another of its aspects, the present invention provides a method ofconveying vehicle operation data from a vehicle server to a remotemonitoring client, comprising the steps of:

-   -   establishing a data link between the vehicle and the remote        monitoring client;    -   collecting vehicle operation data from data sources in the        vehicle server;    -   packaging the data in a protocol data unit having a protocol        data unit payload, the payload including a plurality of VARIABLE        BINDING fields, each VARIABLE BINDING field having an OBJECT        IDENTIFIER field of two bytes, a VALUE TYPE field of one byte        and a VARIABLE BINDING value of a size according to the VALUE        TYPE field; and    -   conveying the protocol data unit over the data link.

In still another of its aspects, the present invention provides a methodof collecting vehicle operation data from a vehicle for latertransmission to a remote monitoring recipient in a manner to minimizethe bandwidth requirements for the later transmission, comprising thesteps of:

-   -   providing a vehicle on-board computing device;    -   providing a number of data acquisition modules, each to measure        one or more operating characteristics of the vehicle, the        operating characteristics corresponding to current values of a        set of managed objects;    -   interfacing the vehicle on-board computing device with each of        the data acquisition modules;    -   configuring the vehicle on-board computing device to:        -   a) form a diagnostic information base for receiving and            storing values for each of the managed objects from each of            the corresponding data acquisition modules;        -   b) assemble an event report based on information contained            in the diagnostic information base; and        -   c) package the event report in a protocol data unit            according to an SNMP-derived protocol.

Preferably, the operating characteristics include such things as GPSposition, engine speed, road speed, odometer, or engine temperature, oran OBD-II parameter related to vehicle emissions. One OBD-II parameteris misfire detection, though others are also applicable, such as the O₂sensor.

In one embodiment, the present invention further comprises the step ofenabling the vehicle on-board computing device to:

-   -   a) establish a data link with the remote monitoring recipient;        and    -   b) convey the protocol data unit over the data link.

The collecting and packaging and conveying steps may occur at the sameor they may occur at different times. The computing device, in thiscase, may be enabled to collect data at regular or irregular intervalsand accumulate some types of data for later transmission, such asdistance traveled, or other types of data for immediate transmission,such as a current GPS position or an exceeded regulatory threshold.Alternatively, there may be some instances where the computing device isenabled to convey the protocol data unit over a wired or other datalink.

Preferably, the method includes the step of enabling the remotemonitoring recipient to issue a GET protocol data unit to retrieve thecurrent values for a specific set of managed objects from the vehicleon-board computing device. In this case, the remote monitoring recipientis enabled to wait for an acknowledgment to the GET protocol data unitby the vehicle on-board computing device.

Preferably, the method includes the step of enabling the vehicleon-board computing device to issue a TRAP protocol data unit to report avehicular event.

Preferably, the method includes the step of enabling the vehicleon-board computing device to:

-   -   a) store threshold values or a reporting interval for each        vehicular event; and    -   b) issue each TRAP protocol data unit, either when a threshold        value has been exceeded or at a corresponding reporting        interval.

In this case, the TRAP protocol data unit may report such vehiclereports as GPS position and the like.

Preferably, the method includes the step of issuing an INFORM protocoldata unit from the vehicle to report an exceptional vehicular event. Themethod, in this case, preferably includes the step of enabling thevehicle on-board computing device to:

-   -   a) store any one of a plurality of specifications for        exceptional vehicular events in the diagnostic information base,        including one or more regulatory exceptions, maintenance        exceptions or operational exceptions; and    -   b) issue the INFORM protocol data unit when any one of the        specified events occurs.

In one embodiment, the diagnostic information base contains aspecification of what constitutes the occurrence of an “event” and notthe event itself. When the event occurs, a record of the event is madein a transmission queue and remains there until an acknowledgmentmessage (in this case a RESP message) is received by the onboardcomputing device. Accordingly, the method provides, in one embodiment,for a storage of vehicular events in a register or other temporarystorage module, the events being specified in the diagnostic informationbase.

The managed object, for example, may be ENGINE TEMPERATURE, and theconditions for that managed object may be a MAXIMUM THRESHOLD, CURRENTVALUE, and a TIME COUNT for recording when the current value is to bemeasured.

An example of a diagnostic information base is shown in the followingtable:

TABLE 1 MANAGED VALUE OBJECT VALUE 1 VALUE 2 VALUE 3 4 TE: ENGINETHRESHOLD CURRENT MEASURE TEMPERATURE VALUE EVERY 10 MINUTES TO2: O2THRESHOLD CURRENT MEASURE SENSOR VALUE EVERY 30 MINUTES

An example of an event recording register is shown in the followingtable showing the current values for the managed objects at a particulartime T=T1

TABLE 2 X_(T1) Y_(T1)

In one example, the INFORM protocol data unit is sent as a result of aregulatory threshold level being exceeded.

Preferably, the method includes the step of enabling the vehicularonboard computing device to wait for a confirmation that a previousINFORM protocol data unit has been logged in a data base by the remotemonitoring recipient. In this case, the method preferably also includesthe step of re-transmitting the INFORM protocol data unit in the absenceof a confirmation that a previous INFORM protocol data unit has beenlogged in a database by the remote monitoring recipient.

Preferably, the method includes the step of enabling the remotemonitoring recipient to issue a SET protocol data unit to the vehicleon-board computing device to set one or more of the managed objects.

The wireless data link may be a radio frequency band under the IEEE802.11 standard, a satellite RF packet network or a terrestrial RFpacket network, or others.

In one embodiment, the protocol data unit is a “request”-type (GET, SETor INFORM) protocol data unit, the protocol data unit excluding theERROR STATUS and ERROR INDEX fields of the SNMP protocol.

In one embodiment, the protocol data unit excludes the LENGTH field ofeach variable binding of the SNMP protocol.

In still another of its aspects, the present invention provides a methodof conveying vehicle operation data from a vehicle to a remotemonitoring recipient, comprising the steps of:

-   -   establishing a data link between the vehicle and the remote        monitoring recipient;    -   collecting vehicle operation data from data sources in the        vehicle;    -   packaging the vehicle operation data in a data packet using        protocol derived from SNMP; and    -   conveying the data packet over the data link, the protocol data        unit being issued in response to a request by the remote        monitoring recipient and containing both the request and        requested values in the request and being encapsulated within a        single message and in a single unfragmented network packet.

In still another of its aspects, the present invention provides a methodof collecting vehicle operation data from a vehicle for latertransmission to a remote monitoring recipient in a manner to minimizethe bandwidth requirements for the later transmission, comprising thesteps of:

-   -   providing a vehicle on-board computing device;    -   providing a number of data acquisition modules, each to record a        current value of a managed object of the vehicle;    -   interfacing the vehicle on-board computing device with each of        the data acquisition modules;    -   configuring the vehicle on-board computing device to:        -   a) form a diagnostic information base for receiving and            storing values of the managed objects from each of the data            acquisition modules;        -   b) assemble an event report based on information contained            in the diagnostic information base; and        -   c) package the event report into a protocol data unit, the            protocol data unit including a protocol data unit payload            having a plurality of VARIABLE BINDING fields, each VARIABLE            BINDING field having an OBJECT IDENTIFIER field of two            bytes, a VALUE TYPE field of one byte and a VARIABLE BINDING            value of a size according to the VALUE TYPE field.

In one embodiment, the protocol data unit includes a header having a PDUTYPE data element with a value corresponding to one of a set of values,the set including a GET value, a SET value, a TRAP value, an INFORMvalue and a RESPONSE value.

In still another of its aspects, the present invention provides acomputer implemented system for conveying vehicle operation data from avehicle to a remote monitoring recipient, comprising:

-   -   a vehicle on-board computing device in communication with a        number of vehicle operation data sources in the vehicle;    -   a wireless communications device for establishing a wireless        data link with the vehicle on-board computing device and the        remote monitoring recipient;    -   the vehicle on-board computing device being enabled to package        the vehicle operation data in a data packet using protocol        derived from SNMP for transmission to the remote monitoring        recipient over the wireless data link.

In still another of its aspects, the present invention provides acomputer-readable data structure for collecting and conveying vehicleoperation data from a vehicle to a remote monitoring recipient,comprising:

-   -   an application module for receiving vehicle operation data from        a number of data sources in the vehicle;    -   a storage module for storing a diagnostic information base, the        diagnostic information base including a number of managed        objects for a number of vehicle operation parameters and a        number of values for each of the managed objects; and    -   a communication module for conveying protocol data units under a        protocol derived from SNMP over a wireless data link to the        remote monitoring recipient.

In still another of its aspects, the present invention provides acomputer program product encoded in a computer readable medium includinga plurality of computer executable steps for a computer on-board avehicle for collecting and conveying vehicle operation data from thevehicle to a remote monitoring recipient, comprising:

-   -   receiving vehicle operation data from a number of data sources        in the vehicle;    -   storing, in a diagnostic information base, a plurality of        managed objects for each of a number of vehicle operation        parameters;    -   establishing a wireless data link between the computer and the        remote monitoring recipient.    -   conveying a number of protocol data units under a protocol        derived from SNMP over a wireless data link to the remote        monitoring recipient.

In still another of its aspects, the present invention provides a signalpropagated on a carrier medium, the signal including a packaged protocoldata unit containing a payload encoding predetermined operational dataof an automotive vehicle, according to a protocol derived from SNMP.

Preferably, the payload includes a plurality of VARIABLE BINDING fields,each VARIABLE BINDING field having an OBJECT IDENTIFIER field of twobytes, a VALUE TYPE field of one byte and a VARIABLE BINDING value of asize according to the VALUE TYPE field data unit.

Preferably, the payload includes a GPS position segment, a GPS headingsegment, a vehicle speed segment or an OBD-II vehicle emissions segment.

In still another of its aspects, the present invention provides a systemfor conveying vehicle operation data from a vehicle to a remotemonitoring recipient, comprising:

-   -   vehicle on-board computing means in communication with a number        of vehicle operation data source means in the vehicle;    -   wireless communications means for establishing a wireless data        link with the vehicle on-board computing means and the remote        monitoring recipient;    -   the vehicle on-board computing means being enabled to package        the vehicle operation data in a data packet using protocol        derived from SNMP for transmission to the remote monitoring        recipient over the wireless data link.

In still another of its aspects, the present invention provides a methodof conveying vehicle operation data from a vehicle to a remotemonitoring recipient, comprising:

-   -   a step for establishing a data link between the vehicle and the        remote monitoring recipient;    -   a step for collecting vehicle operation data from data sources        in the vehicle;    -   a step for packaging the vehicle operation data in a data packet        using protocol derived from SNMP; and    -   a step for conveying the data packet over the data link.

In yet another of its aspects, there is provided a computer-readabledata structure for collecting and conveying vehicle operation data froma vehicle to a remote monitoring recipient, comprising:

-   -   an application module for receiving vehicle operation data from        a number of data sources in the vehicle;    -   a storage module for storing a diagnostic information base, the        diagnostic information base including a number of managed        objects for a number of vehicle operation parameters and a        number of values for each of the managed objects; and    -   a communication module for conveying protocol data units under a        protocol derived from SNMP over a wireless data link to the        remote monitoring recipient.

In still another of its aspects, the present invention provides acommunications network for exchanging data between a plurality ofvehicles, comprising a computing unit onboard a corresponding vehicle,wherein the computing unit in a given vehicle is operable to broadcastidentity messages and to receive equivalent identity messages from othervehicles in an adjacent region, where said messages are used to identifythe neighbouring vehicles in the network for exchanging data withselected ones of the vehicles therein.

Preferably, the computing unit is operable to update a list ofneighbouring vehicles. In this case, the computing unit may add newneighbour vehicles to the list as identity messages are received fromnew vehicles entering the region. Alternatively, the computing unit maydelete a given neighbour vehicle from the list when identity messagesare not received from the given neighbour vehicle after a predeterminedperiod of time. Alternatively, the computing unit deletes a givenneighbour vehicle vehicles from the neighbour database when the lack ofidentity messages received from the given neighbour vehicle indicatethat the neighbour vehicle has left the adjacent region.

Preferably, the medium of communications is a high frequency channelizedRF band and its use by each of said computing units is controlledaccording to the IEEE 802.11 Medium Access Control (MAC) protocol.

Preferably, the computing units are Internet addressable.

Preferably, the computing units are IPv6 addressable.

Preferably, the computing units exchange data using an SNMP-derivedprotocol.

Desirably, the identity messages include GPS information and the IEEE802.11 MAC address of the sender, wherein the GPS information includeslatitude, longitude, speed and heading information.

In one embodiment, all vehicles in the neighborhood broadcast theiridentity messages over a discovery time period that is sufficient toallow any given vehicle to recognize all its neighbours. Both the lengthof the discovery period and the geographic size of the region may beadjusted in proportion to the average speed of the vehicles in theneighborhood.

If desired, the channel selection for transmission of at least somemessages may be based on GPS heading.

In one embodiment, each of the computing units further comprises atransmitter and receiver capable of transmitting and receiving messagesunder an SNMP protocol.

In another of its aspects, the present invention provides an automotivevehicle as above.

In still another of its aspects, the present invention provides a datastructure comprising a speed segment, a heading segment and positionsegment. Preferably, the position segment includes a longitude portionand a latitude portion.

In another of its aspects, the present invention provides a signalpropagated on a carrier medium, the signal including a speed segment, aheading segment and a position segment. Preferably, the position segmentincludes a longitude portion and a latitude portion.

In still another of its aspects, the present invention provides avehicle comprising an onboard computing unit operable to receivemessages from other vehicles in an adjacent region for assembling aneighbourhood list for exchanging data with selected ones of thevehicles listed therein.

In yet another of its aspects, the present invention provides computerprogram product for operating a programmable computer system on board amotor vehicle, comprising a computer readable medium including thecomputer executable steps of receiving messages from other vehicles inan adjacent region and of assembling a neighbourhood list for exchangingdata with selected ones of the vehicles listed therein.

In yet another of its aspects, the present invention provides a motorvehicle comprising an onboard general purpose computer and a spreadspectrum radio, the spread spectrum radio operable to establish a datalink with a radio in at least one other neighbouring vehicle, whereinthe computer is operable to record messages from at least one othervehicle in an adjacent region for assembling a neighbourhood list, andto identify at least one vehicular event from data received on the datalink.

In yet another of its objects, the present invention provides acomputer-readable data structure for collecting and conveying vehicleoperation data from a vehicle on-board computing device and a remotemonitoring recipient, comprising:

-   -   a module for indexing a series of protocol values and        corresponding requests and responses for data exchange between        the vehicle on-board computing device and the remote monitoring        recipient;    -   a module for indexing a series of managed objects for a number        of operating characteristics of the vehicle; and    -   a module for recording values for each of the managed objects.

Preferably, the data structure further comprises a module for indexingan identity for each remote monitoring recipient.

Preferably, the data structure also includes a module for indexing alist of one or more authorization levels for each remote monitoringrecipient. These authorization levels may be used to impose conditionson the managed object values being conveyed to the recipient. Somerecipients may be entitled to all of the managed object values, othersto only some of the them, and still other requesting entities (those notin the list) entitled to none at all.

BRIEF DESCRIPTION OF THE DRAWINGS

Several preferred embodiments of the present invention will be provided,by way of example only, with reference to the appended drawing, wherein:

FIG. 1 is a schematic view of a protocol stack;

FIG. 2 is a schematic view of a UDP based protocol;

FIG. 3 is a schematic view of a TCP based protocol;

FIG. 4 is a schematic view of a header in a UDP based protocol;

FIGS. 5( a) and (b) are perspective schematic views of two networkarrangements;

FIG. 6 is a schematic view of an SNMP protocol data unit;

FIG. 7 is a schematic sequential view of a data gram exchange;

FIG. 8 is a schematic view of a GET protocol data unit example;

FIG. 9 is a schematic view of an MIB hierarchy for SNMP;

FIG. 10 is a schematic view of a portion of a DIB hierarchy;

FIG. 11 is a schematic view of a message sequence;

FIG. 12 is a schematic view of a network;

FIG. 13 is a schematic view of a protocol stack for exchanging datausing the network of FIG. 12;

FIG. 14 is a schematic view of another network;

FIG. 15 is a time plot of beacon frame sequence;

FIG. 16 a is a schematic view of a portion of an adhoc network;

FIG. 16 b is a time plot of beacon frames issued by vehicles in networkof FIG. 16 a;

FIG. 17 is a schematic view of another adhoc network

FIG. 18 is a schematic view of another protocol stack;

FIG. 19 is a schematic view of another protocol data unit;

FIG. 20 is a schematic view of a quadrant divided highway segment;

FIG. 21 is a schematic view of a data exchange during a drivingmanoeuvre; and

FIG. 22 is a schematic view of data exchange during another drivingmanoeuvre.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

Described herein below is a system and method which implements apeer-to-peer Internet-based protocol stack for vehicular diagnostictelemetry. This stack is intended to reside in on-board vehicularembedded systems and to enable remote PC workstations to interact withthese systems using standard communications API's such as Winsock.

The Session and Presentation layers of the stack are labeled theAutomotive Telemetry Protocol (ATP). ATP addresses the need for a clearspecification of the message formats, protocol procedures, securitymechanisms and external interfaces by which software can be developedfor implementation of OBD-III¹ on different mobile and fixed computingplatforms in an inter-operable fashion. ¹ On-Board Diagnostics III.Proposed legislation, spearheaded by the California Air Resources Board(CARB) requiring emissions-related diagnostic information from EngineControl Modules (ECM's) in vehicles to lead itself to retrieval overmobile communications networks.

Reviewed below are the objectives sought and then provides a moredetailed description of the layers 3-6 (network, transport, session andpresentation). It has been shown that the Session and Presentationlayers are derived from the specifications for Simple Network ManagementProtocol (SNMP). The underlying transport mechanism is a UDP/IP stackwith the UDP header compressed in the interest of bandwidth efficiency.

The issue of security is also addressed below, and the ability toconfigure an implementation of the stack such that specific sources ofdata can be restricted to specific requesting entities (“clients” ). Theapplication of the Secure Socket Layer (SSL) protocol is reviewed inorder to demonstrate the authentication of requests for information fromexternal sources by the on-board computer.

The protocol stack is applied to the exchange of operational databetween vehicles on the road. This is based on the concept of an “ad-hocnetwork” established within a “neighborhood” surrounding any givenvehicle. The ad-hoc network can co-exist with a data link to theInternet, using the same RF medium, provided that a roadsideinfrastructure is deployed. The potential of this technology to improvehighway safety is illustrated with various examples ofvehicle-to-vehicle exchange of operational information.

Also described a method for the integration of IEEE 802.11 complianttechnology in both intelligent vehicle and intelligent highway systems.Reference will be made herein below to Intelligent TransportationSystems or ITS to encompass any component of such systems, whether onboard a vehicle or part of the roadway infrastructure.

Much of the current focus of intelligent vehicle technology is directedat collision avoidance based on radar. On the other hand, intelligenthighway system development has been largely predicated on the use ofshort-range communications between the vehicle and the roadwayinfrastructure. However experts from both the automotive OEM's as wellas from government agencies have recognized that vehicle-to-vehiclecommunications constitutes an area that should be explored goingforward.

The IEEE 802.11 specification is a relatively new standard forhigh-speed wireless Local Area Networks (LAN). It uses a method of RFtransmission known as spread spectrum for which the 2.4 GHz range hasbeen made available as an unlicensed band. This technology is alsoidentified under the commercial banner Wi-Fi (Wireless Fidelity). Itspotential for application in the area of ITS is based on its commercialpotential. There are now Wi-Fi products commercially available that makeit possible to create network infrastructures supporting mobility forcomputer devices. Network interface cards (NIC's) are available enablingpersonal computers, including laptops and notebooks, to use Wi-Fi. Asthe popularity of Wi-Fi grows, it is expected that more mobile wirelessappliances (e.g. PDA's, cell phones) will appear in the marketplace thatexploit a growing infrastructure of access points through which userscan connect to the Internet wirelessly at bit transfer rates thatcurrently reach 11 Mbps.

One feature of IEEE 802.11 is the notion of ad hoc networking, whichenables two or more devices to communicate directly with one anotherwithout requiring a fixed access point. In other words, the networkinfrastructure is not a necessary condition for connectivity betweenmobile devices. As a result, IEEE 802.11 can support concurrentvehicle-to-vehicle and vehicle-to-infrastructure communications in noveland unexpected ways. This combination of flexibility, from a technicalperspective, and commercial appeal, is the essential rationale for usingIEEE 802.11 in ITS.

The method described in this document adheres to the principle ofimplementing fully-compliant 802.11 nodes, without modification of thespecification, to meet the requirements of ad hoc networking for ITS.

Relationship to ATP

The methods described here are intended to provide a platform on whichthe Automotive Telemetry Protocol (ATP) can operate between twovehicles. ATP is a session level protocol derived from SNMP that enablesa bi-directional client-server relationship to be established betweenthe two end points of the mobile communications [1]. In the context ofvehicle-to-vehicle communications, ATP allows a “client” vehicle to sendan asynchronous notification to specified “server” vehicle requiringacknowledgment. This request-response mechanism has applicationsdescribed later in this document.

Protocol Stack

FIG. 1 illustrates the complete protocol stack that is required for OBDIII, using the OSI (Open Systems Interconnect) reference model.

The protocol stack is intended to meet one or more of the followingobjectives:

-   -   Wireless Data Link Transparency

This refers to the need for technology-independence. It should bepossible for OBD-III compliance to be met using a variety of wirelessdata link technologies. Mobile devices should be able to use packetcellular, RF packet networks, wireless LAN (Wi-Fi), satellite or anycombination thereof.

-   -   Internet Connectivity (Beyond OEM Portals)

It should be possible for workstations at remote IP addresses tointeract directly with an on-board vehicular device that interfaces toOBD and other operational data within the vehicle. In other words, fullInternet connectivity between the vehicle and any remote host is adesired outcome that will enable authorized hosts to run applicationsthat do not have to transit the OEM's portals. This implies that thevehicular device needs to comply with standard protocol specificationsthat support peer-to-peer exchanges with any authorized host on theInternet. (See Security below in relation to the notion of authorizedhost).

-   -   Efficient Bandwidth Utilization

The data exchange between fixed sites, responsible for monitoring, andthe mobile units should not be unnecessarily “verbose”. There is atendency in wireless applications to assume that some form of “Web”presentation is required to simplify the user interface (UI), which hasbeen partly responsible for the development of Wireless ApplicationProtocol (WAP). WAP is a technique that offers some compromise betweenthe UI features of the Web and the need for bandwidth efficiency overairlinks. None of these considerations take into account the fact thattelemetry traffic is quite different in its purpose than other forms ofwireless data and should be supported in a different, yetstandards-based manner.

-   -   Standardized Data Exchange Mechanism

The higher levels (Session and Presentation) of the protocol stack needto be standardized, for obvious reasons. This will simplify the task ofcompliance with OBD-III in all jurisdictions that choose to implementthe regulations.

-   -   Security

The need for security has been stressed by CARB. Political acceptance ofthe OBD-III concept is dependent on the public's confidence that thetechnology will not become a form of state intrusion into individualprivacy. Motorists and vehicle owners should have the perception thatelectronic controls over the release of information are at least aseffective as those that are currently in use in Web-based E-commerce. Itis contemplated that the present system will, if needed, be capable ofimplementing public key cryptography above the Session layer, in muchthe same manner that it is done in business-to-consumer E-commerce. Thisensures that, although there is connectivity with any host on theInternet, only those hosts that obtain authorization through thesecurity mechanisms will receive any “attention” from the vehicle.

Network and Transport Layers UDP/IP—In order to understand the contextin which ATP operates, the underlying transport mechanism which supportsit's needs to be considered. The User Datagram Protocol (UDP) is atransport-level mechanism for “connectionless” client-servercommunications. UDP constitutes one of the transport protocols that canoperate over the Internet. The notion of a “connectionless” protocolrefers to the fact that there is no overhead dedicated to themaintenance of reliable end-to-end communications. In this sense, UDP isdistinguished from TCP (Transport Control Protocol). The shorter UDPheader (8 bytes) reflects this difference.

The basic protocol data unit (PDU) of the Internet is called a datagram.The datagram header contains a field that is used to designate theprotocol at the next level of the stack. The IANA² f values for UDP andTCP are, respectively, 17 and 6. The figures below show how the payloadof different datagrams can be intended for UDP and TCP, depending on thevalue of the “protocol” field in the datagram header. ² IANA (InternetAssigned Numbers Authority)

As mentioned above, the standard UDP header is eight (8) bytes inlength, consisting of:

-   -   source port (2 bytes)    -   destination port (2 bytes)    -   payload length (2 bytes)    -   checksum (2 bytes)

In the conventional uses of UDP, the source and destination ports areIANA-approved numbers associated with processes executing within thesender's and the receiver's address spaces, respectively. There iscurrently no assigned number for the present automotive telemetryapplication. The present system uses the number 0x0A (integer 10) tospecify the ATP port.³ ³ This number is, as yet, unassigned by IANA.

Compression of the UDP Header—In the application of automotivetelemetry, the overhead of the UDP header would consume wirelessbandwidth without providing any significant advantage to the protocol interms of flexibility or reliability. Both the source and destinationports can be constrained to use the same number. The payload length canbe derived from fields in the underlying network packet or data linkframe in which the UDP segment is encapsulated. Finally, the checksumcan be viewed as redundant, since the underlying data link protocol(s)should incorporate an integrity check of the data stream anyway.⁴ ⁴ Ifany of the data links traversed from source to destination do notincorporate integrity checks in the protocol, then the data integrity ofATP can be called into question. However, it is difficult to envisionsuch a case.

Given the need to minimize wireless bandwidth consumption, the UDPheader is, in one embodiment, reduced to 1 byte in the implementationherein of the mobile communications protocol stack, which is illustratedin FIG. 4. The value in this byte (0x0A or integer 10) identifies theATP port at both the source and destination.

Session and Presentation Layers—ATP resides conceptually at the SessionLayer. It is a request/response mechanism, similar to Simple NetworkManagement Protocol (SNMP), which ensures that for every message fromeither a mobile unit to the base location or vice versa, there is alwaysan acknowledgment. As such, exception reports from vehicles cannot bediscarded by the mobile computing platform until the base system hasconfirmed that they have been logged to a “persistent storage” database.

The design philosophy of ATP is based on Simple Network ManagementProtocol (SNMP) which enables remote diagnostics and configuration ofcommunications devices and is the de-facto standard with which elementsof the Internet infrastructure must comply. A comparison can be madebetween remote diagnostics of communications devices and mobilevehicles. This is illustrated graphically in FIGS. 5( a) and (b).

In SNMP the “managed entity” is typically a communication switchingdevice such as a bridge or router. This managed entity implements an“agent”, which is a software module responsible for retrieving requestedinformation and interacting with the remote “manager” through aninterface to the communications protocol stack. FIG. 5( a) shows thatthe top level of this stack is SNMP, which is essentially a combinationof the Session and Presentation Layers. The information that a remotemanager may request resides in the Management Information Base (MIB),which is a local repository for operational data collected by the devicedrivers controlling the hardware interfaces to the external world(“Communications Modules”). For instance, a router with an Ethernetadapter maintains statistics reporting the number of inbound andoutbound frames transiting the Ethernet interface. This information iscached in the MIB and is retrieved by the Agent on behalf of a remoteManager which has issued a request.

In the case of ATP, shown in FIG. 5( b) below, the entity equivalent tothe SNMP Manager is called a Monitor, and the managed entity is avehicular on-board computing device interfaced to various dataacquisition modules⁵. This is called the local data repository aDiagnostic Information Base (DIB). The information cached in the DIBoriginates from various sources such as the ECU diagnostic port, analogand digital sensors, GPS receiver, and so on. The three examples shownin the figure are: ⁵ The present version of such a device is called aUniversal On-Board Diagnostic Server (U-OBD).

-   -   SAE J-1979 (diagnostic test modes required for OBD-II)    -   GPS receiver    -   direct analog and digital input channels

This is by no means an exhaustive list of the possible sources of data.Other examples are:

-   -   SAE J-2190 (recommended supplement to legislation)    -   SAE J-2178 (Normal Vehicle Operation)    -   SAE J-1708 (heavy truck and bus)    -   SAE J-1939 (successor to J-1708)

SNMP and ATP Message Formats—

The SNMP message consists of a header⁶ and a Protocol Data Unit (PDU).The header contains two fields: ⁶ This describes the message headerformat of the initial version of SNMP. SNMPv3 specifies a more complexformat. This will become useful as a reference point when securitymechanism is specified for ATP.

-   -   Version Number

This specifies the version of SNMP that is being used by the originatorof the message.

-   -   Community Name

This serves as a primitive method of authentication. Managers belongingto a community are said to exist within the same administrative domain.When a management agent receives an SNMP message from a managercontaining a community name that it does not recognize, it does notparticipate in the SNMP operation.

In the present system, it is preferable to eliminate fields that arepotentially redundant in order to reduce the consumption of wirelessbandwidth. This is the case with the community name since, as will beshown, a much stronger form of authentication is required at thepresentation level (i.e. the layer above ATP). A version number willonly become necessary once ATP evolves beyond the experimental stage.

SNMP Protocol Operations—The rest of the SNMP message is the ProtocolData Unit (PDU). There are four (4) basic types of request PDU definedin the SNMP specification [1]⁷: 7 The document in reference [1] is themost recent RFC (Request for Comment) for the initial version of SNMP.The full complement of specifications for SNMP also includes a set ofRFC's for SNMPv2, which extends the functionality of SNMP, and a set ofRFC's for SNMPv3, which provides security features. The term “SNMPspecifications” is used in this document to refer to the full complementof specifications provided in the RFC's published by the InternetEngineering Task Force (IETF).

-   -   Get

A manager uses a Get PDU to retrieve an item from an agent's MIB

-   -   Set

A Set PDU is used by a manager to set a value in an agent's MIB.

-   -   Trap

An agent uses a Trap PDU to send asynchronous notifications or “alerts”to a manager. The manager does not acknowledge these notifications.

-   -   Inform

An Inform PDU is similar to a Trap PDU. Any SNMP entity (either an agentor a manager communicating with another manager) may use an Inform PDUto send asynchronous notifications. In contrast to a Trap PDU, thereceiving manager must acknowledge an Inform PDU.

Protocol Data Unit Formats—These four categories⁸ of PDU are highlysuited to ATP. Before their use is examined in the context of automotivetelemetry, the actual format specification for the SNMP PDU's will besummarized. FIG. 6 illustrates the format for Get, Set and ResponsePDU's: ⁸ The types of request PDU previously described are categories,within which several sub-types are defined by later versions of SNMP.

-   -   PDU Type

This specifies the type of PDU. This is either one of the four requestPDU types already described or a response.

-   -   Request ID

This is essentially a sequence number for the PDU. The receiver of arequest PDU uses this in the response PDU so that the sender can matchthe response with a previously transmitted request. It also ensures thatthe receiver can filter out duplicate messages. This is particularlyimportant in mobile wireless networking environments, where transientconditions render mobile nodes frequently “unreachable”, which causesthe sender to attempt retries. In this kind of scenario, the probabilityof duplicate messages arriving at the destination is very high.

This is shown in FIG. 7. A request PDU, encapsulated in a datagram, isrouted to a mobile agent through a gateway to a mobile network. It isthen wrapped in a mobile network packet and routed to the mobile agentthrough a wireless link from the closest RF base station. Whereas themobile agent may receive the airlink frame containing the packet, the RFbase station may not “hear” the acknowledgment that is transmitted inresponse. After the requisite timeout period, the RF base reports backto the mobile network gateway that the mobile agent is “unreachable”.When this report is propagated back to the sender (ATP monitor), themessage is re-transmitted.

-   -   Error Status

This field is used only in response PDU's. It indicates one of a numberof errors and error types.

-   -   Error Index

This field is used only in response PDU's. It associates the error (ifapplicable) with one of the “variable bindings” encapsulated in theremainder of the PDU.

-   -   Variable Bindings

This is the data field of the SNMP PDU. Each variable binding is anassociation of a particular instance of a managed object, which is partof the MIB, with its current value (with the exception of Get requestPDU's, for which the value is ignored). The Object Identifier (OID)field identifies the object instance. The value of the variable isencoded according to the triple TLV (type, length, value), where typespecifies the data type, length is the number of bytes in which thevalue is represented in the subsequent stream and value contains thevalue in length byte. This encoding scheme follows the practice set outin the Basic Encoding Rules (BER) of the Abstract Syntax Notationlanguage (ASN.1).

ASN.1 is an ISO-specified language that is often used to define dataexchange protocols at the presentation and applications layers of theOSI model. Its abstract quality enables it to be independent of thedifferent data representation techniques that can be encountered ondifferent computing platforms. Of course, the more abstract the syntaxfor expressing data structure, the more overhead is required when thesestructures are serialized in a data stream over a communicationsnetwork. For this reason, SNMP uses only a subset of ASN.1 (specificallya subset of the BER) in order to restrict the overhead associated withthe encoding scheme and therefore preserving bandwidth on theInternet.[2], [3]

In ATP, still with the objective of preserving bandwidth (which is allthe more important in the mobile environment of ATP) a furtherrestriction may be imposed on the encoding scheme by eliminating thelength field for all but variable length strings. This is shown in thedetailed format of the variable binding in the previous illustration ofthe SNMP PDU format. Only the type field is used. The receiver mustinfer the length of the value field from the received type.

This same format has been adopted, in one embodiment, as a model for theATP PDU's. However, in order to limit unnecessary use of bandwidth inthe wireless environment, the following exceptions are made:

-   1. The Error Status and Error Index fields are not present in the    request PDU's.-   2. The value fields for the variable bindings are not present in Get    PDU's.-   3. The lengths of all fields in the PDU's, including the OID and    value fields in the variable bindings (excluding character strings),    are implicit; i.e. they are not explicitly encoded in the data    stream as specified by ASN.1. The lengths of all the header fields    are restricted to one byte. The length of OID fields is two bytes    and the lengths of the variable binding values are dependent on the    value type, which is encoded in one byte.

ATP Protocol Operations with the SNMP PDU's—As already stated, the SNMPPDU's, with the modifications described in the previous section, areapplicable to the protocol requirements of ATP. Get PDU's are neededwhen an ATP Monitor wants to retrieve the current values for a specificset of managed objects from a vehicle. An example is illustrated in theFIG. 8. A vehicle owner could obtain, from a fixed-location workstation,the vehicle's GPS location, engine speed, road speed and enginetemperature. Both the request for all of this data and the response fromthe vehicle containing all the requested values would be encapsulatedwithin a single ATP message and a unfragmented network packet.

The Trap PDU can be used to send event reports from the vehicle forwhich acknowledgements are not required. A typical example would be arecurring GPS position report. Application software in the on-boarddevice⁹ could generate a ⁹ The SNMP specifications for agent softwarearchitecture call this the Notification Originator Application. The peersoftware in the manager entity is called the Notification ReceiverApplication.

Trap PDU with the GPS position at an interval specified within the datastructure for the GPS “managed object”. The purpose of this reportingwould be to track a vehicle in real-time. Therefore acknowledgementsfrom the Monitor are superfluous since the sender has no reason tore-transmit GPS positions that become immediately stale.

The Inform PDU, which requires acknowledgements, is the mechanism thatis used more commonly in ATP to send a synchronous event report from thevehicle. These events can correspond to:

-   -   Regulatory exceptions (e.g. emissions-related events requiring        intervention)    -   Maintenance exceptions (e.g. fault conditions requiring        immediate inspection/validation/repair)    -   Operational exceptions (e.g. use of the vehicle in an        unauthorized manner)

Since an acknowledgment is required for this PDU, the on-boardmonitoring agent has a means of determining whether the event report hasbeen logged in a database.¹⁰ ¹⁰ It is the responsibility of theNotification Receiver Application to ensure that these reports arecommitted to a database before the acknowledgment PDU is returned to theagent.

The Set PDU is used to remotely change the operating parameters of theon-board device. This could be, for instance, the threshold level atwhich a regulatory exception occurs or the interval of unsolicited GPSposition reports (for a tracking application with Trap PDU's).

MIB Hierarchy and DIB Derivation—The MIB to which SNMP provides accessis a collection of managed objects which are organized hierarchically,as shown in FIG. 9. A managed object¹¹ is one of any number of specificcharacteristics of a managed device. Managed objects are comprised ofone or more object instances, which are essentially variables. ¹¹ Theterms MIB object, object, or simply MIB, are used interchangeably withthe term managed object.

FIG. 9 illustrates the MIB hierarchy as a tree, the levels of which areassigned by different organizations. An object identifier (OID) uniquelyidentifies a managed object in this hierarchy. The top-level OID'sbelong to different standards organizations, while lower-level OID's areallocated by associated organizations. The OID is formed from thesequence of numbers corresponding to the nodes through which a managedobject can be reached from the root of the tree. For example, thesequence:1 3 6 1 2identifies the MIB-2 object, which is the MIB for entities that complywith the specifications of the TCP/IP protocol stack. The full objectname is:iso.identified-organization.dod.internet.mgmt.mib-2

Suppose that this MIB is maintained on a remote router with interfacesto several networks. The objects representing these interfaces aremaintained in a table, each of whose entries is a collection ofvariables associated with network interfaces. Suppose, for instance,that an SNMP manager wanted to retrieve the number of octets received(since the last start-up) on the first network interface. The OIDidentifying this object would be:1 3 6 1 2 1 2 1 10and the object name would beiso.identified-organization.dod.internet.mgmt.mib-2.interfaces.iftable.ifentry-1.ifoctets

A similar arrangement is contemplated for the hierarchy of theDiagnostic Information Base. The question that arises is whether a DIBsub-tree should branch out from the Internet no de or whether an SAEsub-tree should branch out from the Identified Organization. It isevident that these two options would appear as shown in FIG. 10. Theillustration makes the root of the new sub-tree should be the DIB node.Furthermore, since ATP is a (proposed) protocol which operates at thesame level as SNMP within the Internet suite of protocols, it is alsoclear that the DIB should exist with the sub-tree starting at theInternet node.

It is not evident how the DIB could exist within a sub-tree with itsroot at the SAE node, without a duplication of the Internet node. Thiswould be a violation of the rule that any node on the hierarchy can beuniquely identified. Therefore, it would appear to be more logical thatthe new sub-tree originates at the ATP node.

As mentioned previously, the OID's in the variable binding of ATP PDU'sare encoded in a fixed length of two bytes. This means that the entireparent hierarchy of the object is not included to which the OID refers.The prefix1 3 6 1 2 8corresponding to the object nameiso.identified-organization.dod.internet.mgmt.dibis an implicit part of each OID. Only the portion below the DIB node isserialized and transmitted over the network.

User Configuration—At the highest level of the protocol stack, there canbe some form of user interface allowing the installer (or eventually thedriver) to specify which sources of internal vehicular data should beaccessible to which remote “clients”. The next section explains how theidentity of any remote client can be completely authenticated and howthe subsequent data exchange between client and (vehicular) server canbe made secure against any eavesdroppers.

Security—With ATP, the agent should have the authority to accept orreject requests from the monitor, based on the nature of the request andthe identity of the monitor. For instance, a request from a remotemonitor to report the current GPS location may be considered an invasionof privacy if it originates from a location not controlled by thevehicle owner. Similarly, a request for OBD information (SAE J-1979)could also be rejected, unless it originates from the monitor(s)authorized according to the User Configuration.

In order to meet these requirements, the communications link between themobile agent and the monitor must provide both for privacy andauthentication of the requesting entity; i.e. the monitor. An idealframework for this is the Secure Socket Layer (SSL) protocol. SSL wasdeveloped by Netscape and has become the de-facto standard forinter-operable security between clients and servers in the Internet andparticularly for Web-based E-commerce¹². SSL defines a handshakingprotocol allowing for authentication of either party by the other usingpublic-key encryption methods which are effectively unbreakable. ¹² Seethe specification in [4].

Normally, SSL operates on top of TCP/IP, which constitutes theunderlying transport mechanism for Web traffic. However, because of thenature of the telemetry application, ATP uses the UDP/IP stack. Thelower edge of the SSL record layer must therefore be adapted tointerface to the UDP transport mechanism.

FIG. 11 shows the security mechanism of SSL introduced between the ATPlayer and the presentation layer, where the Protocol Data Unit (PDU) isparsed into individual requests for specific sources of data. Thesecurity layer acts as an effective “firewall” against unauthorizedintruders. It authenticates the remote monitor and maintains privacy forthe contents of the subsequent PDU's that are exchanged across thesession. The interface between the SSL handshaking protocol and thepresentation layer should provide a mechanism for SSL to precede theannouncement of a received PDU with an identification of anauthenticated monitor requesting information.

This mechanism, as well as the subsequent data exchange, is illustratedby the sequence in FIG. 11.

The individual steps of this sequence can be described as follows:

-   1. The Monitor's presentation layer notifies its security layer that    it wants to issue a request to the Mobile Agent.

The SSL Handshaking must now take place between client (Monitor) andserver (Mobile Agent).

-   2. The SSL handshake layer asks the SSL Record Layer to encapsulate    the requisite handshake message.-   3. The SSL Record Layer sends an asymmetrically encrypted message    (public key cryptography) to the other side.-   4. The SSL Record Layer delivers a decrypted message to the SSL    Handshake layer.

Steps 2-4 are repeated in both directions until the authentication ofthe client has been established.

-   5. Once the Monitor has been authenticated, SSL reports its identity    to the presentation layer, so that subsequent requests for    information can be accepted or rejected according to the User    Configuration.-   6. The security layer on the Monitor side reports to the    presentation layer that the authentication has been confirmed.-   7. The Monitor's presentation layer sends the PDU to the security    layer for session privacy encryption. The encryption is carried out    with a symmetrical one-time key exchanged between the parties during    the SSL handshaking (and which ensures the privacy of the exchange).-   8. The encrypted PDU is “transmitted” to the Mobile Agent. In other    words, it is passed on down through the Session Layer of the    Monitor's protocol stack.-   9. When the encrypted PDU arrives at the SSL Record Layer of the    Mobile Agent, it is decrypted before being handed-off to the    Presentation Layer.-   10. The response from the Presentation Layer is sent to the SSL    Record Layer. This response may be:    -   data requested by the monitor    -   a confirmation that a command sent by the Monitor has been        executed, or    -   a rejection of either a command or a request for data because        the Monitor does not have the requisite authority for the        request or command.-   11. The SSL Record Layer encrypts the response with the symmetrical    session key and transmits back to the Monitor (i.e. through the    protocol stack starting with the Mobile Agent's Session Layer.-   12. The Monitor's SSL Record Layer decrypts the PDU and hands it off    to the Presentation Layer.

Note that all or part of this sequence could be carried out in thereverse direction. Suppose that the Monitor represents an emissionscontrol regulatory agency and that a Mobile Agent receives a requestevery year from this Monitor to report all non-compliance events. TheMobile Agent may respond with a positive acknowledgment at thepresentation layer, i.e. an acceptance of the request. For the rest ofthe following 365-day period, all exception conditions will cause theMobile Agent to initiate communications to report these conditions. Therequest will therefore emanate from the Mobile Agent whereas theresponse from the Monitor will indicate that the exception report hasbeen noted and logged to permanent storage. (The U-OBD can be configuredto keep these exception reports in Flash memory until an acknowledgmentis received from the Monitor. This ensures that exceptions that occurwhile the vehicle is not within coverage range are not “forgotten”).

Vehicle-to-Vehicle Telemetry—Ad Hoc Networking with WirelessLAN's—OBD-III is an example of telemetry consisting of a mobile serverand a fixed-location client. Also envisioned is the case of aclient-server relationship between two mobile vehicles. A data linkbetween two vehicles can be established using the ad-hoc networkingcapability of the IEEE 802.11 specification for wireless LAN. Ad-hocnetworks in wireless LAN's are created without a central coordinatingnode, called an access point. FIG. 12 illustrates the distinctionbetween an ad-hoc wireless LAN and one with an access point.

By using different spread spectrum channels, both types of networks canco-exist on the same hardware platform. The access point provides thevehicle with connectivity to a Wide Area Network (i.e. the Internet) butis not required for an ad hoc network. The ad hoc network enablesvehicles to establish logical links with their neighbors, which can beused to exchange critical operational information between vehicles.

Ad hoc networks can be created using a scheme embodied herein thatpermits each vehicle to maintain a real-time image of its“neighborhood”. This neighborhood can include vehicles up to fivehundred yards in both the forward and rear directions. The imagemaintained within each vehicle changes dynamically with changes in thesurrounding conditions.

The ATP protocol stack can be used for vehicle-to-vehicle messaging inalmost the same manner as it is used to interact with remote diagnosticclients. The difference is that security restrictions cannot apply inthis case since all vehicles must necessarily and freely exchangeinformation. This is illustrated in FIG. 13.

Applications: Safety vs. Congestion Management—Vehicle-to-vehiclecommunications have been used on an experimental basis in the context of“platooning” for Intelligent Transport Systems (ITS). Platooning issimply one example of what is referred to herein below as “clusterintelligence” on the road. A cluster is the aggregation of vehicleswithin a neighborhood. Since the neighborhood of any vehicle constitutesa fluid network topology surrounding it, the membership of theassociated cluster is dynamic.

The exchange (or the broadcasting) of information within a cluster hasvalue in terms of both road safety as well as traffic management aimedat reducing congestion. In some respects, there is an artificialdistinction between these areas. Better traffic management should resultin better safety and vice versa. The descriptions of the followingapplication areas do not distinguish between these two purposes.

Redundancy—Vehicle on-board systems such as cruise control or cockpitelectronic information systems can benefit from a variety of inputs,including forward collision avoidance radar as well asvehicle-to-vehicle information exchange facilitated by ATP with ad hocnetworking.

Ad hoc networking is therefore seen as providing a supplementary set ofinputs/services to control/information systems. In some instances, theseinputs/services may be complementary to one another whereas in otherinstances they would overlap. For instance, in the case where vehiclesare IEEE 802.11-enabled, radar can complement ad hoc networking byproviding neighbor information for immediate adjacent vehicles. Ofcourse, if these vehicles are also IEEE 802.11-enabled, thisfunctionality overlaps that of radar. This provides a degree ofredundancy that can only be beneficial to the objective of enhancedsafety, particularly since the marginal cost of providing services basedon IEEE 802.11 is insignificant¹³. ¹³Assuming that the vehicle is IEEE802.11-enabled for Wide Area Networking purposes.

The increasing use of mobile data communications for remote on-boarddata acquisition has given rise to a need for a standard architectureenabling interoperability of modules participating in vehiculartelemetry across wide area networks. The application with the greatestpotential for widespread use is wireless On Board Diagnostics (OBD-III),but there is a number of other applications, including vehiclemaintenance and tracking. The paradigm of communications networkmanagement, where nodes such as bridges and routers can be remotelydiagnosed by a management entity, provides an appropriate model forremote vehicular diagnostics. The specifications of the Simple NetworkManagement Protocol (SNMP) are therefore used in novel and unexpectedways as a basis for deriving an Automotive Telemetry Protocol (ATP). ATPoperates in an open Internet environment that enables client-serverrelationships between on-board diagnostic “agents” and “monitors”located anywhere in the network. The SSL protocol is layered above thisto provide security. The same protocol architecture, minus the security,can be layered on top of IEEE 802.11-based ad hoc networks forapplication in intelligent transport systems (ITS).

Network Neighbourhood

The concept of a network neighbourhood has been borrowed as it is usedin the topological sense to characterize adjacent nodes on a data link.If node A can reach (transmit to) node B without traversing acommunications bridge, then A and B are said to be in the sameneighbourhood. This is illustrated in FIG. 14, which depicts two datalinks connected via a bridge. The data link on the right is defined bythe IEEE 802.3 (Ethernet) specification, which is commonly used forwired Local Area Networks (LAN). The data link on the left is specifiedby IEEE 802.11which is wireless LAN. As shown in FIG. 14, A, B and C areneighbours on the wireless LAN, whereas D, E, F and G are neighbours onthe wired LAN. Although this is not clearly shown in FIG. 14, theneighbourhoods of both the wireless and wired LAN's are defined bytopological relationships between the nodes, not by physical distance.If two nodes share the same medium and the quality of the signalsbetween them is acceptable (in terms of error levels), then they aretopologically in the same neighbourhood or adjacent.

In the case of an intelligent highway network neighbourhood, anadditional geographic criterion can be added, if desired, to thedetermination of adjacency. By comparing GPS position reports of othernodes on the data link with its own GPS position, each node can filterout other nodes which are outside of a specified geographical thresholdand therefore not relevant to the operation of the vehicle.

The foregoing description allows up to put forward a definition of anITS Wi-Fi neighbourhood, from the perspective of a single node.

An ITS Wi-Fi neighbourhood is a collection of surrounding IEEE 802.11nodes, sharing a common physical medium (i.e. a specified directsequence spread spectrum channel) as well as the timing parameters formedium access control, and within a relative geographic position that issignificant to the safe operation of a vehicle on any type of publicroadway.

Registration on the Network

The IEEE 802.11 specification defines timing parameters that are used inconjunction with a timing synchronization function to coordinate accessto the medium; i.e. to minimize contention for the channel and to reducethe possibility of collisions. Nodes cannot use the medium to transportdata until they have received the appropriate “registration” frames fromnodes that are already part of the network. Registration frames containthe information needed to correctly operate on the medium, including atime stamp allowing the new entry to synchronize with the existingnodes.

In 802.11, the method used to coordinate access to the medium is calledCarrier Sense Multiple Access with Collision Avoidance (CSMA/CA) whichis similar to the method used in 802.3 (Ethernet). It is based on theidea of “sniffing” the channel for a carrier prior to transmission. Ifthe medium is busy, the node with data to send enters arandomly-computed waiting period before retrying, which minimizes thelikelihood of simultaneous retries by multiple nodes waiting for thechannel (and the resulting “gridlock” that this would create).

The 802.11 specification calls this a distributed coordination function(DCF). It also defines a contention-free mechanism which is called pointcoordination function (PCF). Whereas DCF is the default mode ofoperation, PCF has been made available to handle special scenarios, asin the case of time-critical traffic such as audio and video. TypicallyPCF is provided through a fixed access point, which, in the case of ITS,would take the form of a roadside base station.

Vehicles wishing to have access to the Internet will register withroadside access points using the channel(s) allocated for thisapplication¹⁴. The performance criteria for streaming audio and video,or for VoIP (Voice Over IP), may require the PCF method of channelmanagement. However, the ad hoc network of vehicles sharing the sameneighbourhood will use DCF to manage its channel(s). Since DCF does notrely on the presence of a “master” station to coordinate access to themedium, the ad hoc network does not require a roadside infrastructure inorder to function properly. ¹⁴ See the section entitled Wi-Fi ChannelSelection for a discussion of the distribution of channels between ITSand Internet functions.

This does not preclude the use of a roadside infrastructure. Even ifInternet access and other services are optional, base stations may stillbe required for a variety of ancillary ITS functions, includingdifferential GPS beacons, geographic orientation with respect to thehighway system¹⁵, electronic toll collection, electronic road signageand travel information. ¹⁵ See Wi-Fi Channel Selection.

The registration mechanism itself can be operated in either a passive oran active mode. Both of these methods are described below.

Passive Registration

In the passive mode, a candidate node listens for a beacon frame from anexisting node. In ad hoc networks, all existing nodes transmit beaconframes periodically, allowing nodes entering the network to synchronizewith the existing nodes for channel management. A beacon frame signalsthe start of a contention-free period, during which all other nodes inthe neighbourhood defer transmissions so that new nodes wishing toannounce their presence can do so. Both the interval between beaconframes and the subsequent contention-free period are configurableparameters that are typically set in the ranges of 1-2 seconds, and 100ms-0.5 seconds, respectively. However, as will be seen in the nextsection, there may be several hundred vehicles in the sameneighbourhood, particularly in congested highway conditions, which wouldrender these settings impossible. Increasing the interval between beaconframes is only part of the solution. FIG. 15 illustrates that if everyone of 100 vehicles were to transmit beacon frames at intervals of 10seconds, each announcing the start of a 100 ms contention-free period,there would be no time left during the 10 second period to transmit anyuser data.

The complete solution lies in the fact that the ITS ad hoc network nodesdo not need to negotiate any of the logical management functions ofassociation and authentication, specified in the medium access control(MAC) layer of 802.11. Association is the mechanism whereby one noderequests explicit recognition from another node. In an infrastructurenetwork, requests are sent to an access point, which stores the addressof the requesting node in a local table and sends a response frame. Theaddress table maintained by the access point controls whether packetsdestined for specific addresses are actually transmitted. If noassociation has been established for an address, no user data will besent to it.

However, as explained in the section entitled Neighbour Discovery, mostof the user data in the ITS ad hoc network is sent to the broadcastaddress (i.e. to all nodes), for which no association is required. Thereare some applications in which associations with surrounding vehiclesare required but these would be only with the physically adjacentvehicles. Each node should only negotiate associations with neighboursinside a prescribed boundary wherein the driving manoeuvres of thoseneighbours are significant enough to warrant unicast messages (i.e.addressed to specific destination node). Since each node will receive afar greater number of beacon frames from neighbours with which it doesnot need associations, the contention-free periods following thesebeacon frames will be essentially wasted. In order to preservebandwidth, the contention-free period should be reduced to a minimumallowable value (say, 1 ms) and the negotiation of associations shouldbe triggered not by the reception of beacon frames, but by conditionsdetermined through the Discovery process, which is described in the nextsection.

Authentication is the process whereby the requesting node is grantedpermission to communicate using a symmetrical encryption key. In the ITSad hoc network, authentication is not only not required, it isanti-thetical to the concept of vehicle platooning or “clusterintelligence” because all parties must necessarily and freely exchangeinformation without restriction.

Active Registration

The active registration method enables the candidate node to send probeframes, which are essentially “ping” requests for some other node torespond. In the ad hoc network topology, probes must be broadcast to alllisteners, as there is no single node that can be relied upon to alwaysbe present (i.e. fixed access point). The IEEE 802.11 rule is that theresponse to a probe is sent by the node which transmitted the mostrecent beacon frame.

The facility of active registration enables us to minimize the use ofbandwidth by the transmission of beacon frames. Suppose the intervalbetween beacon frames is configured to 60 seconds. With acontention-free period of only 1 ms after each beacon frame, a platoonof 5 vehicles would use roughly 0.01% of the available time for beaconframe broadcasts, and a platoon of 500 vehicles would use only 1%.

The scenario with 5 vehicles is shown in FIGS. 16 a and 16 b. Theaverage time between beacon frames is 12 seconds. Each vehicle in theplatoon is numbered according to its sequence position for transmittingbeacon frames. Vehicle 6, entering on the access ramp, beginstransmitting probe request frames after vehicle 4 transmits its beaconframe, in order to discover a new ad hoc network¹⁶. Vehicle 4 respondsalmost immediately with a probe response¹⁷. ¹⁶ The new vehicle enteringthe expressway must know when to try to switch to a new ad hoc network.As discussed in Wi-Fi Channel Selection, specific channels are allocatedto vehicular flows on divided highways based on heading. We assume thatvehicles are not equipped with accurate digital maps and therefore notable to use GPS to determine whether they are entering divided highways.It is therefore necessary to adopt the rule that when the “forward”region of a vehicle's neighborhood suddenly becomes “depopulated”, thevehicle must begin broadcasting probe frames on all appropriate channelsuntil it receives a response from a vehicle with a matching heading. Seethe section entitled Changing Neighborhoods.¹⁷ Probe response framesmust contend for the channel with Neighbor Discovery and other usertraffic. See the sections below.

Neighbour Discovery

The neighbour discovery mechanism is comparable to the concept ofneighbor discovery protocols used for routing data traffic in networkenvironments with dynamic topologies. The method is based on unsolicitedneighbor advertisements that incorporate, as explained previously, ageographic component. These are periodic messages that each nodebroadcasts containing its GPS information, including latitude,longitude, speed and heading¹⁸. ¹⁸ Elevation may also be required. Thiswould enable receiving vehicles to distinguish vehicles on elevatedexpressways from those at grade level.

The neighbour advertisements are used by each node in the ad hoc networkto establish an “image”, in memory, of the current configuration of theneighbourhood. FIG. 17 illustrates this concept, showing theneighbourhood image formed by the second vehicle in the passing lane.

The time interval between broadcasts, called the discovery cycle, mustbe frequent enough to maintain a picture of the neighbourhood that isaccurate in terms of the relative position of each neighbour. Theaccuracy of GPS reports, in terms of the relative location of two nodesin geographic proximity to one another, is much higher than the accuracyof absolute GPS reports, since the error inherent in the processing ofthe satellite signals should affect all nodes equally. Therefore, therelative position of each node with respect to the other should,theoretically, contain essentially no error, enabling vehicles to judgethe distances between them with a level of precision that is effectivefor the tasks of collision avoidance and platooning. For instance, theposition of a vehicle traveling at 70 mph changes by more than 100ft/sec. This would suggest a requirement for several updates per secondin order to maintain accuracy. However, the frequency of updates isconstrained by the amount of data traffic that is generated during thediscovery cycle, in order to avoid channel contention. This, in turn, isa function of the number of vehicles that are within RF range, i.e. theneighborhood population.

It should be recognized, however, that there is a circular relationshipbetween all of these variables. The neighbourhood population is afunction of the average speed of the surrounding vehicles. The greaterthe speed, the smaller the neighbourhood population; therefore thesmaller the amount of data traffic in the discovery cycle which allowsfor a greater frequency of updates.

This can be illustrated by example. At 70 mph, the safe stoppingdistance is roughly 200 feet. Assuming all vehicles respect therecommended stopping distance¹⁹, a maximum RF range of 3000 ft²⁰ and amaximum of four lanes in the same direction²¹, the surroundingneighbourhood can contain a maximum of 60 vehicles. ¹⁹ This is, ofcourse, one of the ultimate objectives of this technology.²⁰ Based on amaximum range of 0.5 kilometers for each transmitter, each node can heartransmissions within this radius. The “width” of the neighborhood istherefore 1 kilometer or approximately 3000 ft.²¹ Vehicles traveling inthe opposite direction or in adjacent “collector” or “express” streams,do not transmit discovery frames on the same channel. See Wi-Fi ChannelSelection.

To determine the total amount of traffic that is transmitted over thespread spectrum channel, we must first establish the total size of eachdiscovery packet. This is shown in FIG. 18, which describes the protocolstack from the physical to the session (ATP) layer. It is expected thatall of the required user information above the data link layer (IEEE 802Logical Link Control) can be compressed into 8 bytes. The result is aframe size, at the Physical Layer Convergence Procedure (PLCP) sublayerof 64 bytes. Therefore, the total amount of traffic in the discoverycycle is64×60=3840 bytes or 30,770 bits.

At 11 Mbps²², the data rate of the spread spectrum channel should beable to support several discovery cycles within an interval of onesecond, even allowing for some degradation of throughput due to channelcontention with such a relatively large number of nodes. ²² For Reasonsexplained in Channel Selection , the data rate of channels using ad hocnetworking would more likely be 2 Mbps, which is still expected to besufficient for several discovery cycles per second.

In order to compensate for this change, the event queue of the “clusterintelligence” process should include a periodic timer that drives anupdate of the position of all vehicles in the neighbourhood, based onthe speed and heading reported in their last broadcasts.

Filtering Neighbour Advertisements

Each node can limit the population of its neighbourhood such that onlythose neighbours that are close enough to have a potential impact on thesafe operation of the vehicle are included. By filtering out node beyondthis boundary, the size of the collections of neighbour “objects” inmemory are restricted and the amount of processing necessary toperiodically update any state variables belonging to these objects arelimited.

Message Compression

It has been stated that the GPS discovery message can be compressed into8 bytes. This is accomplished by incorporating only the leastsignificant 2 bytes of both the latitude and longitude²³. These 2 bytesrepresent the fractional part of the minutes portion of the reading.This is sufficient since one minute of latitude or longitude is greaterthan one mile, which is well beyond the maximum RF range of 0.5kilometers. Therefore, a receiving node can easily reconstruct the GPSposition of the transmitting node by substituting the degrees andminutes of its own GPS position for both latitude and longitude. It mustalso increment or decrement these values where appropriate nearmeasurement boundaries. For instance, if a receiving node has latitudeof 43 degrees and 56.9982 minutes, whereas the message receivedindicates a fractional value of 0.0053 minutes, the minutes valuesubstituted should be 57 instead of 56. ²³ The size of this messageincreases to 10 bytes if elevation is included.

FIG. 19 illustrates the format of the complete GPS discovery message.The speed is an integer value from 0 to 255 (one byte) and the headingis from 0-360 (9 bits) with 7 bits of fractional degrees. The leadingbyte indicates, in the most significant bits, the channel to be used bythe sender for broadcast on the next discovery cycle. This is explainedin the following section. The other bits of the leading byte arereserved for future use.

Wi-Fi Channel Selection²⁴

The 802.11 specification for mobile applications calls for at least 3channels of direct sequence spreading (DSS) which can operateconcurrently without interference. However, through software-basedconfiguration of the transmitter, more channels can be obtained at lowerdata rates. For instance, by allocating a single 11 Mbps channel forhigh speed internet access, a larger number of at least six 2 Mbpschannels can be obtained from the remaining bandwidth. This allowsmobile nodes to separate ad hoc networking data traffic frominfrastructure-based data traffic that uses roadside access points.Since there is no need for communications between vehicles on oppositesides of a median, it suffices for each node to monitor the channel usedto broadcast discovery messages by all other nodes traveling in the samedirection. ²⁴ This section describes the use of the channels availableunder the specification for the unlicensed 2.4 GHz band. Thisspecification is entitled IEEE 802.11(b). The use of the IEEE 802.11 MACwith other frequency bands, such as the 5.9 GHz band allocated by theFCC for intelligent highways, may prescribe different modulation andchannelization techniques such that the number of channels available maybe different. However, the notion of allocating the channels availableto various IVHS functions would not change.

In order to avoid unnecessary channel contention between vehiclestraveling in opposite directions, the channel selection for discoverybroadcasts can be determined on the basis of heading. A simple schemewould be to allocate 4 of the 10 channels for ad hoc networking and todivide the compass into four quadrants²⁵. However, as FIG. 20 shows,this would not handle the case where a slight curvature of the roadwaywould result in a following vehicle listening to a channel on which theleading vehicle is no longer transmitting. This can be resolved byflagging the discovery message in a way that indicates to neighbours onwhat channel the next message will be transmitted. ²⁵ An additionalchannel should be allocated for use by all vehicles on non-dividedhighways and city streets.

In other words, when a vehicle detects that its heading has shifted intoa different quadrant, it should not immediately begin transmitting onthe corresponding channel. The next message is transmitted on thecurrent channel but all listeners are advised of the channel that willbe used on the subsequent message²⁶. Only the following vehicle shouldswitch to monitoring the new channel. It should also switch if itdetects the heading change before it receives the change of channel flagfrom the vehicle ahead. ²⁶ Note also that the subsequent message cannotbe transmitted until registration on the new channel has taken placeusing probe frames.

This vehicle enters a transitional phase where it may monitor adifferent channel than the one on which it transmits. During thisperiod, the next following vehicle will receive messages only fromneighbours transmitting on the “old” channel (i.e. prior to thecurvature in the road). It will not receive any Discovery messages. Moreimportantly, it will not receive any asynchronous event reports fromseveral vehicles ahead in the platoon. In order to compensate for this,it needs to continuously scan both the “old” and the “new” channelsuntil it receives a “next channel” flag from the vehicle ahead of it.

Changing Neighbourhoods

To establish the conditions under which a vehicle changesneighbourhoods, reference is made to the definition of an ITS Wi-Fineighbourhood given earlier. The neighbourhood changes when there is achange in the shared medium. An example of such a change has alreadybeen described, when the roadway heading shifts to a new compassquadrant and there is a staged transition of the platoon to a new Wi-Fichannel.

In order to address this issue, the following question needs to beanswered: how does a vehicle determine that it is entering an expresswaywithout requiring the use of detailed digital maps? The solution issimple if the vehicle is following another one that is entering theexpressway. It is the leading vehicle's problem! The following vehiclesimply needs to monitor the current channel for a “next channel” flagfrom the leading vehicle. Of course, this is a facile solution since itshifts the problem to the leading vehicle and besides, it does notaddress the scenario where there is no leading vehicle that is currentlywithin the neighbourhood.

The answer is provided by the mechanism for active network registrationusing probe frames. When a vehicle detects that it has no one ahead ofit, it must begin to probe whichever of the four channels allocated tothe quadrants of the compass in which the vehicle's current headingfalls. Until it receives a response from some node on the new channel,it should continue to monitor the existing channel used for undividedhighways and city roads. One of two possibilities will occur.

-   -   new neighbours are found (through the discovery mechanism on the        existing channel). These could be moving either in the same or        the oncoming direction. Or even in a transversal direction.        Their locations preclude the possibility that the vehicle is on        an access ramp to an expressway. In this case, the vehicle        ceases the periodic probes.    -   a probe response is received on the new channel. The vehicle        must prepare to switch channels and notify all its current        neighbours that it is doing so by setting the “next channel”        flag in its next discovery message.

This scenario is reversed in the case where a vehicle leaves a dividedexpressway.

Service Advertisements

There may be cases where specialized nodes may provide streams ofinformation that would be costly, in terms of bandwidth, to broadcast inan unsolicited fashion. Instead, these nodes can advertise theavailability of such services by periodically broadcasting a messagenotifying all listeners that the service is available upon request.Examples of this would be a digital video camera mounted on board avehicle or on a traffic signalization light.

Applications

Safety vs. Congestion Management

The application of ad hoc networks to ITS tasks has value in terms ofboth road safety as well as traffic management aimed at reducingcongestion. In some respects, there is an artificial distinction betweenthese areas. Better traffic management should result in better safetyand vice versa. The descriptions of the following application areas donot distinguish between these two purposes.

Event Notification

All nodes participating in an ad hoc ITS network are required to informtheir neighbours of any operational events that may be significant to aneighbouring vehicle, such as acceleration, brake application, turn orlane change, etc. These events should be reported as asynchronousnotifications sent to the broadcast address. In other words, anyneighbour that is listening should receive a real-time notification ofthe event. For instance, application of the foot brake would be reportednot only to the following vehicle behind but to every other vehicle inthe following platoon. The reaction time to a brake light (if it isworking) is typically in the range of 0.5 seconds. Therefore, if thevehicle at the head of a platoon of seven vehicles applies the footbrake, the vehicle at the end of the platoon could receive notificationas much as 3 seconds before seeing the brake lights of the vehicle infront of it.

All asynchronous event notifications should be repeated up to n times,where n is a configurable parameter of the IEEE 802.11 MIB (ManagementInformation Base). Repetition of event notifications will ensure thatfollowing neighbours required to listen to more than one channel (duringthe transition phase described in Wi_Fi Channel Selection) will have anopportunity to hear the message.

Intention Notification

The ad hoc network provides the means for vehicle-to-vehiclenotification of intention with respect to driving maneouvres. A class ofsuch notifications can be specified that require explicitacknowledgements from the receiver of the notification. (AcknowledgedConnectionless Service of the LLC layer) These correspond to Setcommands that can be issued through the use of an ATP client service. Byacknowledging these notifications, the receiver informs the sender thatit is “aware” of the sender's intentions. The state of knowledge of bothparties can then become inputs to their respective control or cockpitelectronic information systems.

Pass

FIG. 21 demonstrates an example of a driving maneouvre that can beassisted by ad hoc networking. The speed of vehicle A in the passinglane is greater than that of vehicle B in the slow lane. Assuming thatthe speed of B remains constant, A can determine how much time remainsbefore it passes B, using its own speed and the neighborhood position ofB. When the remaining time equals the time interval required for advancenotification (Δτ), A sends a unicast frame to B containing anotification of intention to pass on the left. If B responds with anacknowledgment, A is therefore able to provide the appropriate controlor driver information system with a confirmation that the vehicle to bepassed is “aware” of the intentions.

Lane Change

The intention to change lanes can be announced and acknowledged in amanner similar to the intention to pass. The vehicle preparing to changelanes issues its notification to the closest following vehicle in thelane to which it intends to change. Again, both parties are aware andprepared for the manoeuvre.

Merge/Yield

One of the most interesting potential applications of ad hoc networkingis the management of lane mergers and yielding on access ramps and laneclosure on expressways. As illustrated in FIG. 22, both the yielding andthe merging vehicles are aware of each other's location and speed, whichprovides their respective cockpit electronic information systems withinputs to assist the driver in a smooth adjustment to the newconditions.

Intelligent Traffic Signalization/Highway Information Systems

Discussed herein above is the capability of Wi-Fi to support concurrentad hoc networking and infrastructure-based communications. Whereasintelligent traffic lights would be part of the roadside infrastructure,they would need to use the channels allocated for ad hoc networking inorder to be effective, since it is only these channels that areregularly monitored by vehicles. Using Wi-Fi, an intelligent trafficlight could, for example:

-   -   transmit a “yellow light” notification to approaching vehicles    -   alert vehicles in the transversal direction of oncoming traffic        at high speeds²⁷    -   identify vehicles that run red lights²⁸ ²⁷ If oncoming vehicles        are not equipped with Wi-Fi but the traffic light can detect        them with radar.²⁸ The traffic light would request the        registration from the vehicle that ran through the light. The        request would be authenticated, at the ATP level, as coming from        an authorized client. If fact, this would create a deterrent        that would probably eliminate the problem entirely.

On the other hand, highway information systems (electronic signage,automated toll collection, etc.) should not operate on the ad hocchannels (unless it can be determined that substantial bandwidth remainseven under the most congested driving conditions). Vehicles couldmonitor these infrastructure channels as initiated and terminated bydriver input functions.

Server

The disclosure of PCT Application serial number PCT/CA98/00986 filedOct. 23, 1998 entitled TELECOMMUNICATIONS SYSTEM specifies the mechanismwhereby an Internet gateway to a hybrid network (“Hybrid Gateway”) willforward traffic over one of several alternative wireless data links tothe same destination IP address.

One embodiment of the method described is differentiated from the priorart in terms of what it does not incorporate, in contrast to what itdoes incorporate. In that embodiment, when a packet fails to traverse asegment of the path to an Internet destination, it is the responsibilityof the last router, prior to the failed segment, to report the errorback to the source (as specified in Internet Engineering Task Force RFC792). The use of ICMP, as foreseen in RFC 792, is all the more importantfor wireless extensions to the Internet in that failures to reach mobilenodes are expected to be a common occurrence, in contrast to the wiredportion of the Internet, where failures indicate an unanticipatedproblem. Therefore the system described in the disclosure complies withRFC 792. When a failure over a wireless segment is encountered, therouter (i.e. the Hybrid Gateway) returns an ICMP “Unreachable” error tothe source. It is the responsibility of the source host to attemptre-transmissions of the IP datagram. In the interim, the Hybrid Gatewaywill have raised the impedance along the wireless data link used on thefirst attempt. Therefore, when the re-transmitted datagram arrives fromthe source host, the routing function will take into account theincreased impedance and forward the datagram along a less expensivepath.

This embodiment enables the system to “scale” to a level where the datatraffic for large numbers of mobile nodes (10,000-100,000 or greater)can be effectively supported by the Hybrid Gateway, without having toallocate memory and system resources (e.g. timers) to keep track offailed packets and re-transmission attempts. An analogy can be drawnbetween this scenario and a letter that is mailed to an incorrectaddress. Suppose the addressee no longer lives at that location. ThePost Office can not take the responsibility of trying to find theaddressee and to deliver the letter, because this would be too costly.The letter is simply returned to the sender. The disclosure describes asimilar methodology, which adheres to IETF principles and minimizescost, whereas the prior art implies that the entity responsible forrouting has unlimited resources with which to assume responsibility fordelivering failed packets.

REFERENCES

The subject matter of each of the references herein below isincorporated herein by reference.

-   [1] J. D. Case, M. Fedor, M. L. Schoffstall, and C. Davin. “Simple    Network Management Protocol (SNMP)” , RFC 1157, SNMP Research,    Performance Systems International and MIT Laboratory for Computer    Science, May, 1990-   [2] Information processing systems—Open Systems Interconnection,    “Specification of Abstract Syntax Notation One (ASN.1)”,    International Organization for Standardization, International    Standard 8824, December 1987.-   [3] Information processing systems—Open Systems Interconnection,    “Specification of Basic Encoding Rules for Abstract Notation One    (ASN.1)”, International-   [4] A. O. Freier, P. Karlton, P. C. Koche, “The SSL Protocol,    Version 3.0”, Internet Draft, Netscape Communications, March 1996.-   [5] Internet Engineering Task Force, Perkins, C. (ed.), “IPv6    Mobility Support”, March 1995.-   [6] Narten, T., Nordmark, E., and W. Simpson, “Neighbor Discovery    for IP Version 6 (IPv6)”, RFC 1970, August 1996.-   [7] Deering, S. and Hinden, R., “Internet Protocol, Version 6 (IPv6)    Specification”, RFC 1883, December 1995.-   [8] Conta, A. and Deqring, S., “Internet Control Message Protocol    (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification”,    RFC 1885, December 1995.

1. A method of collecting vehicle operation data from a vehicle forlater transmission, over a public communication channel including awireless data link, to a plurality of authorized remote monitors,comprising: providing a vehicle on-board computing device; providing anumber of data acquisition modules, each to measure one or moreoperating characteristics of the vehicle, the operating characteristicscorresponding to current values of a set of managed objects, the set ofmanaged objects being configured according to an SNMP-derived protocol;interfacing the vehicle on-board computing device with each of the dataacquisition modules; configuring the vehicle on-board computing deviceto: a) form a diagnostic information base for receiving and storingvalues for each of the managed objects from each of the correspondingdata acquisition modules; b) receive and store values for each of themanaged objects in the diagnostic information base; and c) form a listof the plurality of authorized remote monitors, and index the list sothat at least one authorized remote monitor is permitted to receive amanaged object value that another authorized remote monitor is notpermitted to receive, and to store the index; enabling the vehicleon-board computing device to: a) assemble an event report to report avehicular event, of a type not requiring an acknowledgement from anauthorized remote monitor, based on the values of the correspondingobjects; b) package the event report in a TRAP protocol data unitaccording to the SNMP-derived protocol, the TRAP protocol data unitreporting a GPS position, for dispatch to an authorized remote monitor;and c) establish communication with the authorized remote monitoraccording to the stored index, over the public communication channel;and to dispatch the TRAP protocol data unit to the authorized remotemonitor.
 2. A method of collecting vehicle operation data from a vehiclefor later transmission, over a public communication channel including awireless data link, to a plurality of authorized remote monitors,comprising: providing a vehicle on-board computing device; providing anumber of data acquisition modules, each to measure one or moreoperating characteristics of the vehicle, the operating characteristicscorresponding to current values of a set of managed objects, the set ofmanaged objects being configured according to an SNMP-derived protocol;interfacing the vehicle on-board computing device with each of the dataacquisition modules; configuring the vehicle on-board computing deviceto: a) form a diagnostic information base for receiving and storingvalues for each of the managed objects from each of the correspondingdata acquisition modules; b) receive and store values for each of themanaged objects in the diagnostic information base; and c) form a listof the plurality of authorized remote monitors, and index the list sothat at least one authorized remote monitor is permitted to receive amanaged object value that another authorized remote monitor is notpermitted to receive, and to store the index; enabling the vehicleon-board computing device to: a) assemble an event report to report anexceptional vehicular event, in which a regulatory threshold level hasbeen exceeded, and of a type requiring an acknowledgement from theauthorized recipient; b) package the event report in an INFORM protocoldata unit according to the SNMP-derived protocol, for dispatch to anauthorized remote monitor; c) establish communication with theauthorized remote monitor according to the stored index, over the publiccommunication channel; and to dispatch the INFORM protocol data unit tothe authorized remote monitor; d) wait for a confirmation that theINFORM protocol data unit has been logged in a data base by theauthorized remote monitor.
 3. A method as defined in claim 2, furthercomprising the step of re-transmitting the INFORM protocol data unit inthe absence of a confirmation that the INFORM protocol data unit hasbeen logged in a database by the authorized remote monitor.
 4. A methodas defined in claim 1, the SNMP-derived protocol including a protocolstack having a Secure Sockets Layer (SSL) security layer.
 5. A method asdefined in claim 2, the SNMP-derived protocol including a protocol stackhaving a Secure Sockets Layer (SSL) security layer.